XML-RPC is a remote procedure call (RPC) protocol which uses XML to encode its calls and HTTP as a transport mechanism. XML-RPC also refers generically to the use of XML for remote procedure call, independently of the specific protocol.
With WordPress XML-RPC support, you can post to your WordPress blog using many popular Weblog Clients.
This is useful if you want to publish content from platforms other than the WordPress admin. Unfortunately, attackers can also use those weblog clients to brute-force attack your WordPress site.
So if you don't need other weblog clients to access your WordPress posts, simply disable the XML-RPC feature.
To do so, paste the following code into your .htaccess file:
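# BEGIN Disable XML-RPC.PHP
# WordPress serves XML-RPC from xmlrpc.php (no hyphen in the file name)
<Files xmlrpc.php>
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied"
Order Deny,Allow
Deny from all
</Files>
# END Disable XML-RPC.PHP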
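To check from the server side whether XML-RPC is being hammered and whether the deny rule is taking effect, the following added example (not part of the original page) counts POST requests to /xmlrpc.php per client IP in an Apache access log and splits them by HTTP status. The function names, the threshold of 3 and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Prefix of Apache common/combined log format: client, ident, user, [time], "request", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def xmlrpc_posts(lines):
    """Count POSTs to /xmlrpc.php per client IP, split by HTTP status."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore any query string when matching the endpoint.
        if m["path"].split("?", 1)[0] != "/xmlrpc.php":
            continue
        counts[m["ip"]][int(m["status"])] += 1
    return {ip: dict(by_status) for ip, by_status in counts.items()}

def triage(counts, threshold=3):
    """Return (suspects, still_reachable).
    suspects: IPs with at least `threshold` POSTs (assumed cut-off, tune per site).
    still_reachable: IPs that received a non-403 answer, so the deny rule did not apply."""
    suspects = sorted(ip for ip, s in counts.items() if sum(s.values()) >= threshold)
    reachable = sorted(ip for ip, s in counts.items() if any(code != 403 for code in s))
    return suspects, reachable

# Constructed sample log lines using documentation IP ranges, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"',
    '203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"',
    '203.0.113.7 - - [10/Mar/2024:10:05:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.4 - - [10/Mar/2024:10:06:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.10 - - [10/Mar/2024:10:07:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"',
    '192.0.2.10 - - [10/Mar/2024:10:08:00 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    suspects, reachable = triage(xmlrpc_posts(SAMPLE))
    print("High-volume XML-RPC clients:", suspects)
    print("Clients that got past the deny rule:", reachable)
```

Once the .htaccess rule is active, every new entry for /xmlrpc.php should carry status 403 and the second list should stay empty for fresh log data.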